Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Online Account Hacked

Started by netero , Jun 13 2009 06:15 PM

  • Please log in to reply

#1
netero
Posted 13 June 2009 - 06:15 PM

netero

    New Member

  • Member
  • Pip
  • 1 posts
Hello thank you for any help you might have for this.

A few weeks ago my roommates wow account was hacked and after he got it fixed.
It was hacked again almost immediately. He was told no wrong passwords were tried
etc and that he might have a virus on his computer.

A few days after his 2nd time getting hacked mine was too.

I ran Avast and Malwarebytes and came up with a few things like
Alureon-Br etc but am not sure i got everything.

I am considering a full reinstall of the computer but don't want to do that if not necessary.


i ran the Combo-Fix and have this log - I also started a Thorough Scan with archived files enabled in Avast
but takes a very long time.

Thank you again for anything you can tell me.

ComboFix 09-06-13.03 - Sushi 06/13/2009 15:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.657 [GMT -7:00]
Running from: c:\documents and settings\Sushi\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1335 [VPS 090613-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sushi\Application Data\.#
c:\program files\MicPhone
c:\program files\MicPhone\antit.dll
c:\windows\IE4 Error Log.txt
c:\windows\jestertb.dll
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXrotvjtfhmybpqrxrsirjjdokijrhntot.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSIVXSERV.SYS
-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-10 03:56 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-06-10 03:56 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-06-10 03:27 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 03:27 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 03:27 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-10 03:27 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-09 05:26 . 2009-06-09 05:26 -------- d-----w- c:\documents and settings\Sushi\Application Data\Malwarebytes
2009-06-09 05:26 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-09 05:26 . 2009-06-09 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-09 05:26 . 2009-06-09 05:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-09 05:26 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-09 03:12 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-09 03:12 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-09 03:12 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-09 03:12 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-09 03:12 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-09 03:12 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-09 03:12 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-09 03:12 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-09 03:12 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-09 03:12 . 2009-06-09 03:12 -------- d-----w- c:\program files\Alwil Software
2009-06-09 02:52 . 2009-06-09 02:52 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-09 02:51 . 2009-06-09 02:51 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-06-04 04:35 . 2009-06-04 04:35 -------- d-----w- c:\program files\iPod
2009-06-04 04:35 . 2009-06-04 04:35 -------- d-----w- c:\program files\iTunes
2009-06-04 04:33 . 2009-06-04 04:33 -------- d-----w- c:\program files\QuickTime
2009-06-04 04:29 . 2009-06-04 04:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-03 01:34 . 2009-06-03 01:38 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-06-03 01:34 . 2009-06-03 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-06-03 01:27 . 2009-06-03 01:27 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-03 01:27 . 2009-06-03 01:27 -------- d-----w- c:\documents and settings\Sushi\Application Data\DAEMON Tools Pro
2009-06-02 06:05 . 2009-06-02 06:05 -------- d-----w- c:\documents and settings\Sushi\Local Settings\Application Data\Ascaron Entertainment
2009-06-02 06:03 . 2009-06-02 06:03 -------- d--h--r- c:\documents and settings\Sushi\Application Data\SecuROM
2009-06-02 05:26 . 2009-06-02 05:27 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-02 05:26 . 2009-06-02 05:26 -------- d-----w- c:\windows\system32\AGEIA
2009-06-02 05:26 . 2009-06-02 05:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-31 06:04 . 2009-05-31 06:04 -------- d-----w- c:\documents and settings\Sushi\Application Data\Leadertech
2009-05-31 05:59 . 2009-05-31 05:59 0 ----a-w- c:\windows\PowerReg.dat
2009-05-27 05:15 . 2009-05-27 05:15 -------- d-----w- c:\documents and settings\Sushi\Local Settings\Application Data\Gas Powered Games
2009-05-26 15:47 . 2008-10-10 11:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-05-26 15:47 . 2008-10-10 11:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-05-26 15:47 . 2008-10-10 11:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-05-26 15:46 . 2008-10-27 17:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
2009-05-26 15:46 . 2008-10-27 17:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
2009-05-26 15:46 . 2008-10-27 17:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2009-05-26 15:46 . 2008-10-27 17:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
2009-05-26 15:46 . 2008-07-31 17:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2009-05-26 15:46 . 2008-07-31 17:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2009-05-26 15:46 . 2008-07-31 17:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2009-05-26 15:46 . 2008-07-12 15:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2009-05-26 15:46 . 2008-07-12 15:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2009-05-26 15:46 . 2008-07-12 15:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2009-05-26 15:43 . 2009-05-26 15:43 -------- d-----w- c:\documents and settings\Sushi\Application Data\Stardock
2009-05-26 15:41 . 2009-05-26 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardock
2009-05-18 19:03 . 2009-05-18 19:03 -------- d-----w- c:\documents and settings\Sushi\Application Data\Viewpoint
2009-05-17 06:30 . 2009-05-17 06:30 -------- d-----w- c:\documents and settings\Sushi\Local Settings\Application Data\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 20:39 . 2008-01-08 02:11 -------- d-----w- c:\documents and settings\Sushi\Application Data\uTorrent
2009-06-12 15:37 . 2009-01-29 00:31 -------- d-----w- c:\program files\AIM6
2009-06-12 15:37 . 2009-01-29 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-12 15:36 . 2009-06-12 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-09 05:51 . 2008-03-12 22:30 -------- d-----w- c:\program files\MAME32k
2009-06-09 05:50 . 2008-03-04 02:16 -------- d-----w- c:\program files\Java
2009-06-09 05:48 . 2008-11-23 06:14 -------- d-----w- c:\program files\GGPO
2009-06-09 05:47 . 2008-01-07 05:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-09 04:33 . 2004-08-12 12:00 2864 ----a-w- c:\windows\system32\winsock.dll
2009-06-09 03:10 . 2008-04-29 15:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-07 20:07 . 2008-01-08 02:10 -------- d-----w- c:\program files\PeerGuardian2
2009-06-05 04:23 . 2008-01-09 01:40 56936 ----a-w- c:\documents and settings\Sushi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-04 04:35 . 2008-01-09 01:33 -------- d-----w- c:\program files\Common Files\Apple
2009-06-02 06:00 . 2008-05-24 23:13 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-02 06:00 . 2008-05-24 23:13 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-29 20:36 . 2009-03-13 15:39 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 20:36 . 2008-01-09 01:34 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 15:28 . 2009-01-01 23:22 -------- d-----w- c:\documents and settings\Sushi\Application Data\LimeWire
2009-05-25 19:04 . 2008-02-29 06:37 -------- d-----w- c:\documents and settings\Sushi\Application Data\Orbit
2009-05-19 08:36 . 2009-06-12 15:36 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 08:36 . 2009-06-12 15:36 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-05-19 08:36 . 2009-06-12 15:36 97072 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 08:36 . 2009-06-12 15:36 25 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 08:36 . 2009-06-12 15:36 1484856 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 08:36 . 2009-06-12 15:36 142040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 08:36 . 2009-06-12 15:36 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 08:36 . 2009-06-12 15:36 111920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-13 05:15 . 2004-08-12 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-12 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 05:06 . 2009-04-21 05:06 152576 ----a-w- c:\documents and settings\Sushi\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-17 12:26 . 2004-08-12 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-12 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-22 23:47 . 2008-04-13 23:43 81992 ----a-w- c:\windows\War3Unin.dat
2009-03-20 03:02 . 2009-03-20 03:01 37514 ----a-w- c:\windows\scunin.dat
2009-03-20 03:02 . 2009-03-20 03:01 967 ----a-w- c:\windows\ScUnin.pif
2009-03-20 03:02 . 2009-03-20 03:01 94208 ----a-w- c:\windows\ScUnin.exe
2009-03-19 23:32 . 2009-03-19 23:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 23:32 . 2008-01-29 19:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-04-14 00:11 . 2004-08-12 12:00 13626368 --sh--w- c:\windows\system32\icm64.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-19 1421824]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-06-09 1934336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-23 81920]
"awxDTools"="c:\progra~1\arniWORX\AWXDTO~1\awxDTools.dll" [2005-03-17 126976]
"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-04-25 280064]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-08-13 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-18 1657376]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-10-21 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-10-22 2744832]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-6 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 09:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/8/2009 8:12 PM 114768]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [4/23/2007 4:03 AM 82200]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/8/2009 8:12 PM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/28/2009 5:32 PM 24652]
R2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe -k netsvcs [8/12/2004 5:00 AM 14336]
S2 NetCM;Network Connection Manager;c:\program files\NetMeeting\Netsh.exe [7/4/2007 12:10 PM 417280]
S4 prtgwatchservice;PRTG Watchdog;c:\program files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe --> c:\program files\PRTG Traffic Grapher\watchdog\prtgwatchdog.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wmcmgc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-06-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-06-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 05:18]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKU-Default-Run-shv - c:\program files\MicPhone\antit.exe


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {933598CB-8FC4-4983-8C1B-E1C84FD51B2C} = 192.168.1.1,207.141.24.1
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-13 15:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f0,a5,36,1c,7b,a3,44,89,5b,fd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ef,f0,a5,36,1c,7b,a3,44,89,5b,fd,\

[HKEY_USERS\S-1-5-21-1645522239-1897051121-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:98,05,b5,5b,06,56,86,43,db,b8,b1,2b,83,78,b9,21,19,b3,f1,31,bf,
1c,82,bb,48,60,73,87,c4,71,ec,c4,8c,8e,5b,37,b4,83,b3,16,23,25,57,e1,6b,64,\
"rkeysecu"=hex:70,62,aa,28,9b,ab,b4,a1,af,35,ff,39,b4,f9,79,bc
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3360)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\NetLimiter 2 Pro\NLClient.exe
c:\windows\system32\CF23736.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2009-06-13 15:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-13 22:20

Pre-Run: 14,627,074,048 bytes free
Post-Run: 15,610,601,472 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

293 --- E O F --- 2009-06-10 10:03

Attached Files


  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP